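When I checked the server's ports with the netstat command, I found that the server had a great many UDP ports open, at least 1,000 or more. After checking carefully, I found the following solution online: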
https://serverfault.com/questions/558104/dns-exe-allocates-5000-ports-immediately
This is a well-known side effect of the hotfix distributed to address MS08-037, since the hotfix is intended to decrease the predictability of ports used for DNS responses.
You can restrict the number of ports used by defining a lower Socket Pool Size, as described in this article:
Using dnscmd.exe
- Open an elevated Command Prompt (Run as Administrator…)
- Issue
  dnscmd /Config /SocketPoolSize <value>
  where <value> is a number between 0 and 10000
- Restart the DNS Server service:
  net stop dns && net start dns
Using regedit.exe
- Open regedit.exe and expand the HKLM hive
- Navigate to SYSTEM\CurrentControlSet\services\DNS\Parameters
- If not already present, create a new DWORD value named SocketPoolSize
- Set a decimal value between 0 and 10000
- Restart the DNS Server service:
  net stop dns && net start dns
Be aware that setting the value too low effectively defeats the purpose of MS08-037.
If you’re on Windows Server 2008 R2 and just want to make sure that a number of individual UDP endpoints are not used by DNS, you can also specify a list of port ranges to be excluded from use by DNS:
dnscmd /Config /SocketPoolExcludedPortRanges <start>-<end>
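
To confirm that the open UDP ports really belong to the DNS socket pool before changing anything, the following PowerShell check can be used. It is an added example, not part of the quoted answer; it assumes an elevated session and the Get-NetUDPEndpoint cmdlet (Windows Server 2012 or later), and Get-DnsSocketPoolUsage is a hypothetical helper name.

```powershell
# Added example: attribute open UDP endpoints to the DNS Server socket pool.
# Assumes the NetTCPIP module (Get-NetUDPEndpoint) and an elevated session.
# Get-DnsSocketPoolUsage is a hypothetical helper name.
function Get-DnsSocketPoolUsage {
    [CmdletBinding()]
    param()

    $paramKey = 'HKLM:\SYSTEM\CurrentControlSet\services\DNS\Parameters'

    # The DNS Server service runs as dns.exe; stop if it is not running.
    $dns = Get-Process -Name dns -ErrorAction SilentlyContinue |
        Select-Object -First 1
    if (-not $dns) { throw 'dns.exe is not running on this host.' }

    # SocketPoolSize is present in the registry only if it was set explicitly.
    $configured = (Get-ItemProperty -Path $paramKey -Name SocketPoolSize `
        -ErrorAction SilentlyContinue).SocketPoolSize

    # All UDP endpoints owned by dns.exe, split by address family.
    $endpoints = @(Get-NetUDPEndpoint -OwningProcess $dns.Id `
        -ErrorAction SilentlyContinue)
    $ipv6 = @($endpoints | Where-Object { $_.LocalAddress -like '*:*' }).Count
    $ipv4 = $endpoints.Count - $ipv6

    # For comparison: UDP endpoints owned by every other process.
    $others = @(Get-NetUDPEndpoint |
        Where-Object { $_.OwningProcess -ne $dns.Id }).Count

    [pscustomobject]@{
        DnsProcessId        = $dns.Id
        ConfiguredPoolSize  = if ($null -ne $configured) { $configured }
                              else { 'not set (server default)' }
        DnsUdpEndpointsIPv4 = $ipv4
        DnsUdpEndpointsIPv6 = $ipv6
        OtherUdpEndpoints   = $others
    }
}

Get-DnsSocketPoolUsage | Format-List
```

Run it before and after restarting the DNS Server service: the dns.exe endpoint counts should drop once a lower SocketPoolSize is in effect, while OtherUdpEndpoints shows what remains open for other processes.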